We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Security warning! PowerPoint is new hacker 'weapon'

Office under attack again

Attackers have found another hole in Microsoft's Office products. On Thursday, Symantec reported that it has discovered a targeted attack that takes advantage of an unpatched vulnerability in Microsoft's PowerPoint software.

The hackers behind this attack are using the same techniques that were used in previously reported Word and Excel attacks, said Dave Cole, director at Symantec Security Response. "It's similar to the pattern we've seen over the past few months where they're using a previously unknown Microsoft vulnerability and an email enticement to get a backdoor to someone's machine."

Cole believes the same hackers may be behind all three attacks. "It looks like it may be the same group, based on the similarity of the attacks," he said.

As with the Word and Excel incidents, this latest malware is not widespread.

This PowerPoint attack was discovered late on Wednesday by a Symantec customer, who received a Chinese-character email from a Gmail account. The email contained a PowerPoint attachment that installed two pieces of malicious code when opened: a Trojan program, called Trojan.PPDDropper.B, and a backdoor program called Backdoor.Bifrose.E.

The backdoor program tries to cover its tracks by writing over the original PowerPoint document. It then awaits instructions from the attackers, who can use it to control the infected system.

Office is fast becoming the target of choice for hackers.

Microsoft patched a total of 12 Office vulnerabilities on Tuesday, but the PowerPoint bug used by this latest malware was not one of them, according to Cole.

Microsoft is investigating the vulnerability, said Stephen Toulouse, a security program manager with Microsoft's security response centre.

Symantec is studying it as well. The security vendor said it does not yet know if the attack is specific to PowerPoint, or whether it affects all Office products.


IDG UK Sites

Nexus 6 vs Sony Xperia Z3 comparison: Lollipop phablet takes on KitKat flagship smartphone

IDG UK Sites

Why people aren't upgrading to iOS 8: new features are for power users, not the average Joe

IDG UK Sites

Free rocket & space sounds: NASA launches archive of interstellar audio on SoundCloud

IDG UK Sites

iPad Air 2 review: Insanely fast and alarmingly thin. Speed tests, camera tests, beautiful...